CVE-2025-64734

Severity: Low CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Components affected: T21 Reader

Version of Command Centre affected:

• 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3))
• 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5))
• 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8))
• all versions of 9.00 and prior.
  

Reported by: Gallagher Internal

Active exploitation of vulnerability*: No

Description of vulnerability: Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial of service attack against that specific reader, preventing cardholders from badging for entry. 

Mitigating Factor: Only sites making use of T21 Readers are affected.

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.